duffman1021

security protection and xp antivirus 2012

18 posts in this topic

Thanks so much for looking at my post. What a mess.

- Malwarebytes log: unavailable. I have tried your troubleshooting methods to run the program, but it has been shutting down before the scan even starts. Subsequent attempts to access the program yield 'you do not have access to this file'.

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:25 on 05/09/2011 (Anthua)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

- No DDS.txt file appeared

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 9/22/2005 1:35:34 PM

System Uptime: 9/4/2011 10:36:44 PM (2 hours ago)

Processor: Intel® Pentium® M processor 1.60GHz | N/A | 1596/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 26.583 GiB free.

D: is Removable

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.


.

==== Installed Programs ======================

.


.

==== Event Viewer Messages From Past Week ========

.

9/4/2011 9:24:50 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.

9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The VAIO Entertainment Database Service service depends on the MSSQL$VAIO_VEDB service which failed to start because of the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Print Spooler service depends on the LexBce Server service which failed to start because of the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Intel® PROSet/Wireless Service service depends on the Intel® PROSet/Wireless Event Log service which failed to start because of the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7001] - The Image Converter video recording monitor for VAIO Entertainment service depends on the VAIO Entertainment Aggregation and Control Service service which failed to start because of the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Event Service service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment TV Device Arbitration Service service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Task Scheduler service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The VAIO Entertainment Aggregation and Control Service service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The MSSQL$VAIO_VEDB service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The LexBce Server service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Intel® PROSet/Wireless Event Log service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:46 PM, error: Service Control Manager [7000] - The Canon Camera Access Library 8 service failed to start due to the following error: The system cannot find the file specified.

9/4/2011 10:38:21 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service VAIO Entertainment Aggregation and Control Service with arguments "" in order to run the server: {21ADFCC3-710C-492D-847C-342CE7B7BEC4}

9/4/2011 10:31:26 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:31:17 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:31:15 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:30:25 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: Access is denied.

9/4/2011 10:30:01 PM, error: Service Control Manager [7034] - The MSSQL$VAIO_VEDB service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:29:41 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:50 PM, error: Service Control Manager [7034] - The VAIO Entertainment Aggregation and Control Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:44 PM, error: Service Control Manager [7034] - The VAIO Entertainment Task Scheduler service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:42 PM, error: Service Control Manager [7034] - The VAIO Entertainment TV Device Arbitration Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:40 PM, error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:37 PM, error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:32 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:27 PM, error: Service Control Manager [7034] - The Image Converter video recording monitor for VAIO Entertainment service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:25 PM, error: Service Control Manager [7034] - The VAIO Entertainment Database Service service terminated unexpectedly. It has done this 1 time(s).

9/4/2011 10:27:11 PM, error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).

9/3/2011 7:56:15 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

9/3/2011 7:34:30 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/3/2011 7:34:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

9/3/2011 4:49:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/3/2011 3:56:18 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00014A608987 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

9/3/2011 2:34:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

9/3/2011 2:33:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/3/2011 2:33:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service or group failed to start.

9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/3/2011 2:33:13 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

9/3/2011 2:17:06 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

9/3/2011 2:14:55 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

9/3/2011 2:14:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG Free8 WatchDog service to connect.

9/3/2011 2:14:55 PM, error: Service Control Manager [7000] - The AVG Free8 WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/3/2011 2:10:45 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).

9/3/2011 2:07:05 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

9/3/2011 2:05:14 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.

9/3/2011 2:03:29 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

Thanks again


Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs its runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, delete your copy of DDS. Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317

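An added triage script for the procedure above (my own example, not TDSSKiller's code or anything posted in this thread): it checks a file name against the UtilityName.Version_Date_Time_log.txt pattern the helper quotes, then pulls the "Suspicious file" and "detected" lines out of a TDSSKiller log and joins them to the inventory entry they refer to. The sample lines are copied from the log the original poster went on to post, with two clean driver lines; the alternate-data-stream check on the path is my own heuristic, not something TDSSKiller reports.

```python
import re
from dataclasses import dataclass

# One TDSSKiller log line: "YYYY/MM/DD HH:MM:SS.ffff <thread id> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s*(?P<msg>.*)$"
)
# Inventory entry written for every driver/file scanned: "<name> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$"
)
# "<name> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+)")
# Heuristic (mine, not TDSSKiller's): a second ':' after the drive letter means the
# path names an NTFS alternate data stream ("file:stream"), invisible in Explorer.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:")
# Log file name pattern quoted in the helper's post: TDSSKiller.<ver>_<date>_<time>_log.txt
LOGNAME_RE = re.compile(
    r"^TDSSKiller\.\d+(?:\.\d+)*_\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2}_log\.txt$"
)


@dataclass
class Finding:
    name: str           # TDSSKiller's short object name (service/driver key or random id)
    path: str
    md5: str
    reason: str = ""    # from the "Suspicious file (...)" line, e.g. "Hidden"
    verdict: str = ""   # from the "- detected ..." line
    in_ads: bool = False


def is_tdsskiller_log(filename):
    """True if the name follows the TDSSKiller.<ver>_<date>_<time>_log.txt pattern."""
    return LOGNAME_RE.match(filename) is not None


def parse_tdsskiller(text):
    """Return (flagged findings, number of inventory entries scanned).

    Clean inventory entries are counted but not kept; an object is flagged when a
    'Suspicious file' or 'detected' line refers to it.
    """
    by_name = {}   # name -> Finding, so a 'detected' line can be joined to its entry
    by_path = {}   # path -> Finding, so a 'Suspicious file' line can be joined
    scanned = 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        s = SUSPICIOUS_RE.match(msg)
        if s:
            f = by_path.get(s.group("path"))
            if f is None:  # suspicious line with no preceding inventory entry
                f = Finding(name="", path=s.group("path"), md5=s.group("md5"))
                by_path[f.path] = f
            f.reason = s.group("reason")
            f.in_ads = ADS_RE.match(f.path) is not None
            continue
        d = DETECTED_RE.match(msg)
        if d:
            f = by_name.get(d.group("name"))
            if f is None:
                f = Finding(name=d.group("name"), path="", md5="")
                by_name[f.name] = f
            f.verdict = d.group("verdict")
            continue
        e = ENTRY_RE.match(msg)
        if e:
            scanned += 1
            f = Finding(name=e.group("name"), path=e.group("path"), md5=e.group("md5"),
                        in_ads=ADS_RE.match(e.group("path")) is not None)
            by_name[f.name] = f
            by_path[f.path] = f
    flagged, seen = [], set()
    for f in list(by_name.values()) + list(by_path.values()):
        if (f.reason or f.verdict) and id(f) not in seen:
            seen.add(id(f))
            flagged.append(f)
    return flagged, scanned


def summarize(text):
    """One line per flagged object, the way a helper would read the log."""
    flagged, scanned = parse_tdsskiller(text)
    out = [f"{scanned} objects inventoried, {len(flagged)} flagged"]
    for f in flagged:
        tag = " [NTFS alternate data stream]" if f.in_ads else ""
        out.append(f"{f.name or '?'}: {f.verdict or '-'} ({f.reason or '-'}) {f.path}{tag} md5={f.md5}")
    return "\n".join(out)


# Sample lines copied from the log posted in this thread, plus two clean driver lines.
SAMPLE_LOG = r"""
2011/09/07 21:44:58.0828 3072 Scan started
2011/09/07 21:44:58.0828 3072 Mode: Manual;
2011/09/07 21:45:01.0609 3072 6b7d23d2 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3525541227:2491604013.exe
2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1)
2011/09/07 21:45:05.0890 3072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/07 21:45:06.0156 3072 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```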

thanks for replying

2011/09/07 21:44:54.0734 2896 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/07 21:44:55.0390 2896 ================================================================================
2011/09/07 21:44:55.0390 2896 SystemInfo:
2011/09/07 21:44:55.0390 2896
2011/09/07 21:44:55.0390 2896 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/07 21:44:55.0390 2896 Product type: Workstation
2011/09/07 21:44:55.0390 2896 ComputerName: A25BD8260D5F438
2011/09/07 21:44:55.0390 2896 UserName: Anthua
2011/09/07 21:44:55.0390 2896 Windows directory: C:\WINDOWS
2011/09/07 21:44:55.0390 2896 System windows directory: C:\WINDOWS
2011/09/07 21:44:55.0406 2896 Processor architecture: Intel x86
2011/09/07 21:44:55.0406 2896 Number of processors: 1
2011/09/07 21:44:55.0406 2896 Page size: 0x1000
2011/09/07 21:44:55.0406 2896 Boot type: Normal boot
2011/09/07 21:44:55.0406 2896 ================================================================================
2011/09/07 21:44:57.0390 2896 Initialize success
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:44:58.0828 3072 Scan started
2011/09/07 21:44:58.0828 3072 Mode: Manual;
2011/09/07 21:44:58.0828 3072 ================================================================================
2011/09/07 21:45:01.0609 3072 6b7d23d2 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\3525541227:2491604013.exe
2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1)


2011/09/07 21:45:08.0921 3072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/09/07 21:45:08.0953 3072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/09/07 21:45:09.0000 3072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/09/07 21:45:09.0031 3072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/09/07 21:45:09.0078 3072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/09/07 21:45:09.0140 3072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/09/07 21:45:09.0203 3072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/09/07 21:45:09.0296 3072 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/09/07 21:45:09.0390 3072 HSFHWAZL (3d812d0de9344bc9bd1a1b8575b883db) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/09/07 21:45:09.0656 3072 HSF_DP (0e130bec5a13cf68adaa216ab55a8dff) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/09/07 21:45:09.0750 3072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/09/07 21:45:09.0859 3072 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/07 21:45:09.0859 3072 i8042prt - detected Rootkit.Win32.ZAccess.e (0)

2011/09/07 21:45:10.0031 3072 ialm (0c7b8efc2b1ac4cd62f4e7eafc864b95) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/09/07 21:45:10.0171 3072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/09/07 21:45:10.0406 3072 IntcAzAudAddService (93903ddd430db2fc61cbeeb2be651e9f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/09/07 21:45:10.0546 3072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/09/07 21:45:10.0609 3072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/09/07 21:45:10.0656 3072 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/09/07 21:45:10.0796 3072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/09/07 21:45:10.0859 3072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/09/07 21:45:10.0921 3072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/09/07 21:45:11.0000 3072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/09/07 21:45:11.0046 3072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/09/07 21:45:11.0125 3072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/09/07 21:45:11.0156 3072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/09/07 21:45:11.0203 3072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/09/07 21:45:11.0296 3072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/09/07 21:45:11.0375 3072 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2011/09/07 21:45:11.0468 3072 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2011/09/07 21:45:11.0531 3072 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2011/09/07 21:45:11.0593 3072 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/09/07 21:45:11.0640 3072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/09/07 21:45:11.0687 3072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/09/07 21:45:11.0765 3072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/09/07 21:45:11.0781 3072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/09/07 21:45:11.0828 3072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/09/07 21:45:11.0921 3072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/09/07 21:45:12.0015 3072 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/09/07 21:45:12.0078 3072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/09/07 21:45:12.0125 3072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/09/07 21:45:12.0156 3072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/09/07 21:45:12.0187 3072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/09/07 21:45:12.0234 3072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/09/07 21:45:12.0296 3072 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/09/07 21:45:12.0343 3072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/09/07 21:45:12.0406 3072 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/09/07 21:45:12.0453 3072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/09/07 21:45:12.0484 3072 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/09/07 21:45:12.0531 3072 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/09/07 21:45:12.0640 3072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/09/07 21:45:12.0671 3072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/09/07 21:45:12.0718 3072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/09/07 21:45:12.0765 3072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/09/07 21:45:12.0796 3072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/09/07 21:45:12.0890 3072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/09/07 21:45:12.0937 3072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/09/07 21:45:13.0312 3072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/09/07 21:45:13.0437 3072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/09/07 21:45:13.0656 3072 nv (2d09525d0f4f373397893f45b2e4e9ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/09/07 21:45:13.0859 3072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/09/07 21:45:13.0890 3072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/09/07 21:45:14.0015 3072 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/09/07 21:45:14.0093 3072 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/09/07 21:45:14.0140 3072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/09/07 21:45:14.0171 3072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/09/07 21:45:14.0218 3072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/09/07 21:45:14.0250 3072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/09/07 21:45:14.0312 3072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/09/07 21:45:14.0343 3072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/09/07 21:45:14.0406 3072 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/09/07 21:45:14.0781 3072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/09/07 21:45:14.0843 3072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/09/07 21:45:14.0890 3072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/09/07 21:45:14.0937 3072 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/09/07 21:45:15.0000 3072 QCDonner (18b6755475f560dfffda079495cffd7c) C:\WINDOWS\system32\DRIVERS\LVCD.sys

2011/09/07 21:45:15.0203 3072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/09/07 21:45:15.0234 3072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/09/07 21:45:15.0265 3072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/09/07 21:45:15.0296 3072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/09/07 21:45:15.0343 3072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/09/07 21:45:15.0453 3072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/09/07 21:45:15.0546 3072 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/09/07 21:45:15.0625 3072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/09/07 21:45:15.0703 3072 s24trans (d4661148e44816b6501be8f4466d65b0) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2011/09/07 21:45:15.0812 3072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/09/07 21:45:15.0859 3072 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/09/07 21:45:15.0921 3072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/09/07 21:45:16.0015 3072 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/09/07 21:45:16.0156 3072 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys

2011/09/07 21:45:16.0250 3072 SONYTVC (2100a5cc7dd75a5a0dba3cb9eb4f16bb) C:\WINDOWS\system32\DRIVERS\SONYTVC.sys

2011/09/07 21:45:16.0359 3072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/09/07 21:45:16.0421 3072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/09/07 21:45:16.0484 3072 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/09/07 21:45:16.0562 3072 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/09/07 21:45:16.0609 3072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/09/07 21:45:16.0687 3072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/09/07 21:45:16.0875 3072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/09/07 21:45:16.0937 3072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/09/07 21:45:17.0031 3072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/09/07 21:45:17.0109 3072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/09/07 21:45:17.0125 3072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/09/07 21:45:17.0203 3072 tifmsony (fb481e8cd426d0e5f96a838a47390c94) C:\WINDOWS\system32\drivers\tifmsony.sys

2011/09/07 21:45:17.0281 3072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/07 21:45:17.0375 3072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/07 21:45:17.0546 3072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/07 21:45:17.0625 3072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/09/07 21:45:17.0671 3072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/07 21:45:17.0718 3072 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/07 21:45:17.0750 3072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/07 21:45:17.0812 3072 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/07 21:45:17.0875 3072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/09/07 21:45:17.0968 3072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/07 21:45:18.0031 3072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/07 21:45:18.0218 3072 w29n51 (68eb5bc07781a36a63633541c11e1ad6) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2011/09/07 21:45:18.0453 3072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/07 21:45:18.0546 3072 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/09/07 21:45:18.0625 3072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/07 21:45:18.0750 3072 winachsf (c08fad1207bb219bdf9eec30afc1809e) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/09/07 21:45:18.0843 3072 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/09/07 21:45:18.0906 3072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/07 21:45:18.0953 3072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/07 21:45:19.0234 3072 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys

2011/09/07 21:45:19.0281 3072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/07 21:45:19.0453 3072 Boot (0x1200) (887e43c46e9611c62e6a9f758ead4853) \Device\Harddisk0\DR0\Partition0

2011/09/07 21:45:19.0468 3072 ================================================================================

2011/09/07 21:45:19.0468 3072 Scan finished

2011/09/07 21:45:19.0468 3072 ================================================================================

2011/09/07 21:45:19.0484 3056 Detected object count: 2

2011/09/07 21:45:19.0484 3056 Actual detected object count: 2

2011/09/07 21:45:21.0531 3056 HiddenFile.Multi.Generic(6b7d23d2) - User select action: Skip

2011/09/07 21:45:21.0578 3056 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/09/07 21:45:21.0593 3056 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813

2011/09/07 21:45:25.0546 3056 Backup copy found, using it..

2011/09/07 21:45:25.0562 3056 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot

2011/09/07 21:45:25.0562 3056 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Cure

2011/09/07 21:45:37.0859 3000 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18

Run by Anthua at 21:52:42 on 2011-09-07

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.31 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\sony\Wireless adapter\ZDWLan.EXE

C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Apoint\Apntex.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Apoint] "c:\program files\apoint\Apoint.exe"

mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"

mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [VZRemoteCommander] "c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe"

mRun: [LVCOMS] "c:\program files\common files\logitech\qcdriver\LVCOMS.EXE"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Wireless Adapter Manager] c:\program files\sony\wireless adapter\ZDWLan.EXE -minisize

mRun: [AutoEJCD_0ACE20FF] c:\program files\autoinstall\zd1211b_auto_install_cd_only_gen_0ace20ff\AutoEJCD.EXE /VID=0ACE /PID=20FF

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

dRun: [2906743578] c:\windows\system32\config\systemprofile\local settings\application data\pdo.exe

dRun: [2432639790] c:\windows\system32\config\systemprofile\local settings\application data\eio.exe

dRun: [2078852255] c:\windows\system32\config\systemprofile\local settings\application data\uor.exe

dRun: [781995231] c:\windows\system32\config\systemprofile\local settings\application data\hmg.exe

dRun: [3930296170] c:\windows\system32\config\systemprofile\local settings\application data\vrt.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab

DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab

DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab

DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194

TCP: Interfaces\{B9BE900E-F2E9-485B-9184-2EE8AC141EA3} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxsrvc.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Notify: VESWinlogon - VESWinlogon.dll

Notify: WRNotifier - WRLogonNTF.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\anthua\application data\mozilla\firefox\profiles\9mi3mtl9.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-6-28 64512]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-3-2 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 108552]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-6-20 2152152]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

.

=============== Created Last 30 ================

.

2011-09-08 01:36:58 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp

2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\lcnx.exe

2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\jesr.exe

2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\gygs.exe

2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\fkfr.exe

2011-09-05 16:22:37 0 ----a-w- c:\documents and settings\all users\application data\rlvn.exe

2011-09-05 16:22:36 0 ----a-w- c:\documents and settings\all users\application data\ncoh.exe

2011-09-05 16:22:35 0 ----a-w- c:\documents and settings\all users\application data\jhde.exe

2011-09-05 16:22:34 0 ----a-w- c:\documents and settings\all users\application data\osxi.exe

2011-09-05 05:22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-04 23:38:29 0 ----a-w- c:\documents and settings\all users\application data\vkaj.exe

2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\obwp.exe

2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\fjex.exe

2011-09-04 23:38:28 0 ----a-w- c:\documents and settings\all users\application data\cvxw.exe

2011-09-03 22:50:29 0 ----a-w- c:\documents and settings\all users\application data\fasx.exe

2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\tkbk.exe

2011-09-03 22:50:28 0 ----a-w- c:\documents and settings\all users\application data\aywq.exe

2011-09-03 22:50:27 0 ----a-w- c:\documents and settings\all users\application data\cyph.exe

2011-09-03 14:02:38 0 ----a-w- c:\documents and settings\all users\application data\vokj.exe

2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\kvdi.exe

2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\grrd.exe

2011-09-03 14:02:37 0 ----a-w- c:\documents and settings\all users\application data\fxmg.exe

2011-09-03 11:55:25 4194304 ----a-w- c:\windows\system32\gmjfyemo.dll

2011-09-03 11:54:35 893952 ----a-w- c:\documents and settings\all users\application data\defender.exe

.

==================== Find3M ====================

.

2011-09-08 01:46:56 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-06-28 21:21:49 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-20 14:31:32 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

.

============= FINISH: 21:54:57.37 ===============

Looking forward to your reply

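The two scan logs above (the rootkit scanner output and the DDS report) are long, and the lines that matter for triage are a small fraction of them. The script below is an added example written for this thread; it is not part of the original post and not code from either scanning tool. It parses a handful of constructed sample lines in the same two formats (the md5 on the hidden-file line is a placeholder, not a real hash) and reports, for the scanner log, each detected object with the action chosen and whatever is pending a reboot, plus hidden files whose name contains a colon (an NTFS alternate data stream); and, for the DDS report, the entries a responder would check first: Run values whose name is only digits, zero-byte executables dropped in the shared Application Data folder, and freshly created DLLs under system32.

```python
import re

# Constructed sample lines in the format of the rootkit scanner log above.
# The md5 on the "Suspicious file" line is a placeholder, not a real hash.
SCANNER_LOG = r"""2011/09/07 21:45:05.0671 3072 Suspicious file (Hidden): C:\WINDOWS\3525541227:2491604013.exe. md5: 00000000000000000000000000000000
2011/09/07 21:45:05.0687 3072 6b7d23d2 - detected HiddenFile.Multi.Generic (1)
2011/09/07 21:45:09.0859 3072 i8042prt (58449fff9a05f9632c11baf723cf5ba8) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/07 21:45:09.0859 3072 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
2011/09/07 21:45:21.0531 3056 HiddenFile.Multi.Generic(6b7d23d2) - User select action: Skip
2011/09/07 21:45:25.0562 3056 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured after reboot
2011/09/07 21:45:25.0562 3056 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Cure
"""

# Constructed sample lines in the DDS "Pseudo HJT Report" and "Created Last 30" formats.
DDS_LOG = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [2906743578] c:\windows\system32\config\systemprofile\local settings\application data\pdo.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
2011-09-06 16:32:41 0 ----a-w- c:\documents and settings\all users\application data\lcnx.exe
2011-09-05 05:22:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-03 11:55:25 4194304 ----a-w- c:\windows\system32\gmjfyemo.dll
"""

# Every scanner line starts with "<date> <time> <thread id>".
PREFIX = r"^\S+ \S+ \d+ "
HIDDEN_RE = re.compile(PREFIX + r"Suspicious file \((?P<kind>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<name>\S+) \(\d+\)$")
ACTION_RE = re.compile(PREFIX + r"(?P<name>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(PREFIX + r"(?P<path>.+) - will be cured after reboot$")


def parse_scanner_log(text):
    """Pull detections (with the action chosen for each) and hidden files out of scanner output."""
    detections = {}  # object id -> record, kept in order of first appearance
    hidden = []
    for line in text.splitlines():
        if m := HIDDEN_RE.match(line):
            file_name = m["path"].split("\\")[-1]
            hidden.append({"path": m["path"], "md5": m["md5"],
                           # a colon inside the file name means the data lives in an NTFS alternate data stream
                           "ads": ":" in file_name})
            continue
        if m := DETECT_RE.match(line):
            detections[m["obj"]] = {"object": m["obj"], "name": m["name"],
                                    "action": None, "cure_path": None}
            continue
        if (m := ACTION_RE.match(line)) and m["obj"] in detections:
            detections[m["obj"]]["action"] = m["action"]
            continue
        if m := CURE_RE.match(line):
            # the cure line names the file, not the object id, so link it by the driver name in the path
            for obj, rec in detections.items():
                if obj.lower() in m["path"].lower():
                    rec["cure_path"] = m["path"]
    return {"hidden_files": hidden, "detections": list(detections.values())}


RUN_RE = re.compile(r"^[umd]Run: \[(?P<key>[^\]]+)\] (?P<path>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$")


def flag_dds_lines(text):
    """Return (path, reason) pairs for the DDS lines a responder would look at first."""
    flags = []
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            if m["key"].isdigit():
                flags.append((m["path"], "autorun value named with digits only"))
            continue
        if m := CREATED_RE.match(line):  # directories have "--------" as size and are skipped
            path = m["path"].lower()
            if int(m["size"]) == 0 and path.endswith(".exe") and "\\all users\\application data\\" in path:
                flags.append((m["path"], "zero-byte .exe dropped in the shared Application Data folder"))
            elif path.startswith("c:\\windows\\system32\\") and path.endswith(".dll"):
                flags.append((m["path"], "newly created DLL under system32; verify its publisher"))
    return flags


if __name__ == "__main__":
    report = parse_scanner_log(SCANNER_LOG)
    for rec in report["detections"]:
        print(f"{rec['name']} on {rec['object']}: action={rec['action']} pending={rec['cure_path']}")
    for h in report["hidden_files"]:
        print(f"hidden file {h['path']} (alternate data stream: {h['ads']})")
    for path, reason in flag_dds_lines(DDS_LOG):
        print(f"check {path}: {reason}")
```

The cure line in the scanner log names the driver file rather than the object id, so the parser links it back to a detection by looking for the object name inside the path; on a log where that assumption does not hold, `cure_path` stays `None` and the line is simply not attributed.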

Hi,

I notice that you are using more than one antivirus program (Lavasoft and AVG). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program. Reboot.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


An issue with running combofix.

- I uninstalled all antivirus programs except one (AVG)

When I tried to run combofix:

- I was warned AVG real time was still running and could interfere with combofix resulting in system damage

- I turned off AVG but the real time still runs

- I uninstalled AVG, but when the computer was restarted it came back???

That being said, should I still run combofix with that error? (combofix says it can run at my own risk).

What do you suggest?

Thank you.


Hi,

Use AVG's removal tool:

http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe

Reboot.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now.


I ran the AVG removal program. It was interrupted/shut down in the middle of its running.

After the reboot, the program was not gone. When I tried to run the removal program again, it said 'windows cannot access the specified device, path, or file, you may not have the appropriate permission.'

So it looks like the virus is hidden in AVG?

It produced a log; here it is:

2011-09-14 16:45:18,703 INFO AvgRemover 2012.0.5

-------------------------------------------------------

2011-09-14 16:45:18,812 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)

2011-09-14 16:45:18,812 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)

2011-09-14 16:45:18,812 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe"

2011-09-14 16:45:18,812 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.

2011-09-14 16:45:18,812 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.

2011-09-14 16:45:26,796 INFO AvgRemover runs in attempt number 1

2011-09-14 16:45:26,796 INFO Attempting to unregister AVG from the Windows Security Center.

2011-09-14 16:45:26,828 INFO Attempting to uninstall toolbar

2011-09-14 16:45:26,828 INFO ***** Msi data *****

2011-09-14 16:45:26,984 DEBUG No product code found for our upgrade codes, nothing to do here

2011-09-14 16:45:26,984 INFO ***** Exchange&Outlook plugins data *****

2011-09-14 16:45:26,984 INFO Removing AvgOutlook addin

2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x86

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d

2011-09-14 16:45:26,984 INFO AvgOutlook Removing HKCR addin keys x64

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d

2011-09-14 16:45:26,984 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d

2011-09-14 16:45:26,984 INFO Removing Sharepoint plugin if exists

2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013

2011-09-14 16:45:26,984 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013

2011-09-14 16:45:26,984 INFO Removing Antispam plugin for Exchange 2000/2003 if exists

2011-09-14 16:45:26,984 DEBUG Stopping service 'MSExchangeIS' to remove VSAPI plugin...

2011-09-14 16:45:26,984 DEBUG Service MSExchangeIS Stop failed (error: c0070424)

2011-09-14 16:45:26,984 DEBUG Exchange&Outlook plugins removal failed with error 0xc0070424

2011-09-14 16:45:26,984 INFO ***** Services *****

2011-09-14 16:45:27,015 INFO Processing service avgfws8, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service avg8wd, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgWFPx, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgWFPa, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service avg9wd, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgMfx86, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgMfx64, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgLdx64, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgTdiX, it can take several minutes...

2011-09-14 16:45:27,015 INFO Processing service AvgTdiA, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AvgWfpX, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AvgWfpA, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AvgRkx86, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AvgRkx64, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service avg9emc, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service avgfws9, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service avgfws, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AVGIDSAgent, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AVGIDSWatcher, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AVGIDSShimxpx, it can take several minutes...

2011-09-14 16:45:27,031 INFO Processing service AVGIDSFilterxpx, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverxpx, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimvtx, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervtx, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSFiltervta, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSDrivervta, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSShimw7x, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7x, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7x, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSFilterw7a, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSDriverw7a, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrxpx, it can take several minutes...

2011-09-14 16:45:27,046 INFO Processing service AVGIDSErHrvtx, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrvta, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7x, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service AVGIDSErHrw7a, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service avgwd, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service avg8emc, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service AvgLdx86, it can take several minutes...

2011-09-14 16:45:27,062 INFO Processing service AVGIDSDrivervtx, it can take several minutes...

2011-09-14 16:45:27,093 INFO Service AVGIDSErHrw7x is not installed

2011-09-14 16:45:27,093 DEBUG Service AVGIDSErHrw7x RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSErHrw7x are not present

2011-09-14 16:45:27,093 INFO Service avg8emc is not installed

2011-09-14 16:45:27,093 DEBUG Service avg8emc RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8emc are not present

2011-09-14 16:45:27,093 INFO Service avgfws8 is not installed

2011-09-14 16:45:27,093 DEBUG Service avgfws8 RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service avgfws8 are not present

2011-09-14 16:45:27,093 INFO Service avg8wd is not installed

2011-09-14 16:45:27,093 DEBUG Service avg8wd RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service avg8wd are not present

2011-09-14 16:45:27,093 INFO Service AvgWFPx is not installed

2011-09-14 16:45:27,093 DEBUG Service AvgWFPx RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPx are not present

2011-09-14 16:45:27,093 INFO Service AvgWFPa is not installed

2011-09-14 16:45:27,093 DEBUG Service AvgWFPa RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service AvgWFPa are not present

2011-09-14 16:45:27,093 INFO Service AVGIDSDrivervtx is not installed

2011-09-14 16:45:27,093 DEBUG Service AVGIDSDrivervtx RegCleanup

2011-09-14 16:45:27,093 DEBUG Registry keys for service AVGIDSDrivervtx are not present

2011-09-14 16:45:27,093 INFO Service avg9wd is not installed

2011-09-14 16:45:27,109 DEBUG Service avg9wd RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9wd are not present

2011-09-14 16:45:27,109 DEBUG Service AvgLdx86 Stop

2011-09-14 16:45:27,109 INFO Service AvgMfx64 is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgMfx64 RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgMfx64 are not present

2011-09-14 16:45:27,109 INFO Service AvgLdx64 is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgLdx64 RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgLdx64 are not present

2011-09-14 16:45:27,109 INFO Service AvgTdiA is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgTdiA RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgTdiA are not present

2011-09-14 16:45:27,109 INFO Service AvgWfpX is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgWfpX RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpX are not present

2011-09-14 16:45:27,109 INFO Service AvgWfpA is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgWfpA RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgWfpA are not present

2011-09-14 16:45:27,109 INFO Service AvgRkx86 is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgRkx86 RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx86 are not present

2011-09-14 16:45:27,109 INFO Service AvgRkx64 is not installed

2011-09-14 16:45:27,109 DEBUG Service AvgRkx64 RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AvgRkx64 are not present

2011-09-14 16:45:27,109 INFO Service avg9emc is not installed

2011-09-14 16:45:27,109 DEBUG Service avg9emc RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service avg9emc are not present

2011-09-14 16:45:27,109 INFO Service avgfws9 is not installed

2011-09-14 16:45:27,109 DEBUG Service avgfws9 RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws9 are not present

2011-09-14 16:45:27,109 INFO Service avgfws is not installed

2011-09-14 16:45:27,109 DEBUG Service avgfws RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service avgfws are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSAgent is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSAgent RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSAgent are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSWatcher is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSWatcher RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSWatcher are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSShimxpx is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimxpx RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimxpx are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSFilterxpx is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSFilterxpx RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSFilterxpx are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSDriverxpx is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSDriverxpx RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSDriverxpx are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSShimvtx is not installed

2011-09-14 16:45:27,109 DEBUG Service AVGIDSShimvtx RegCleanup

2011-09-14 16:45:27,109 DEBUG Registry keys for service AVGIDSShimvtx are not present

2011-09-14 16:45:27,109 INFO Service AVGIDSFiltervtx is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervtx RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervtx are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSFiltervta is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSFiltervta RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFiltervta are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSDrivervta is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSDrivervta RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDrivervta are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSShimw7x is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSShimw7x RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSShimw7x are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7x is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7x RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7x are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7x is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7x RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7x are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSFilterw7a is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSFilterw7a RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSFilterw7a are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSDriverw7a is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSDriverw7a RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSDriverw7a are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSErHrxpx is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrxpx RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrxpx are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvtx is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvtx RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvtx are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSErHrvta is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrvta RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrvta are not present

2011-09-14 16:45:27,125 INFO Service AVGIDSErHrw7a is not installed

2011-09-14 16:45:27,125 DEBUG Service AVGIDSErHrw7a RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service AVGIDSErHrw7a are not present

2011-09-14 16:45:27,125 INFO Service avgwd is not installed

2011-09-14 16:45:27,125 DEBUG Service avgwd RegCleanup

2011-09-14 16:45:27,125 DEBUG Registry keys for service avgwd are not present

2011-09-14 16:45:27,125 DEBUG Service AvgMfx86 Stop

2011-09-14 16:45:27,125 DEBUG Service AvgTdiX Stop

2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed (error: c007041c), RESTART planned

2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Stop failed

2011-09-14 16:45:27,328 DEBUG Service AvgTdiX Delete

2011-09-14 16:45:27,328 DEBUG Service AvgMfx86 Delete

2011-09-14 16:45:27,328 DEBUG Service AvgLdx86 Delete

2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed (error: c007041c)

2011-09-14 16:45:27,343 DEBUG Service AvgTdiX Delete failed

2011-09-14 16:45:27,343 DEBUG Service AvgTdiX RegCleanup

2011-09-14 16:45:27,687 DEBUG Service AvgLdx86 RegCleanup

2011-09-14 16:45:27,687 DEBUG Service AvgMfx86 RegCleanup

2011-09-14 16:45:28,140 DEBUG Restart is needed (restart counter: 1)

2011-09-14 16:45:28,140 INFO ***** Avg Fw NDIS driver(separate process) *****

2011-09-14 16:45:28,625 INFO AvgRemover 2012.0.5

-------------------------------------------------------

2011-09-14 16:45:28,640 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)

2011-09-14 16:45:28,640 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)

2011-09-14 16:45:28,640 INFO Command line: "C:\Documents and Settings\Anthua\My Documents\Downloads\avg_remover_stf_x86_2012_1796.exe" /ndisonly /skipask

2011-09-14 16:45:28,640 DEBUG AvgDir param set to C:\Program Files\AVG\AVG8.

2011-09-14 16:45:28,640 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg8.

2011-09-14 16:45:28,640 INFO AvgRemover runs in attempt number 1

2011-09-14 16:45:28,640 INFO ***** Avg Fw NDIS driver *****

2011-09-14 16:45:28,640 INFO ...this operation can take several minutes...

2011-09-14 16:45:28,640 INFO FW removing policy

2011-09-14 16:45:28,640 INFO FW policy: deleting value 'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\program files\avg\avg8\avgupd.exe'

2011-09-14 16:45:33,250 INFO FW NDIS driver not present

2011-09-14 16:45:33,281 DEBUG Remove NDIS driver pass, next uninstalation step is 10, old was 1

2011-09-14 16:45:33,281 INFO ***** end of Fw NDIS separated process *****

2011-09-14 16:45:33,281 INFO ***** Drivers *****

2011-09-14 16:45:33,281 DEBUG Deleting driver 'avgldx86'...

2011-09-14 16:45:40,687 DEBUG Deleting driver 'avgmfx86'...

2011-09-14 16:45:41,421 DEBUG Deleting driver 'avgtdix'...

2011-09-14 16:45:41,796 INFO ***** Running AVG process *****

Is there anything else I can try? I didn't even bother with combofix yet.

Thanks again, this is a nasty one.


Hi and welcome to Malwarebytes.

Download this program, and save it next to MBAM.exe

Drag the AVG removal tool onto Inherit.exe.

Wait for it to say OK. See if it will run now.


Hi! Did not work!

I did place inherit.exe next to mbam.exe. However, I could not move the AVGuninstaller program into the malwarebytes program folder (windows will not allow it).

Instead, I placed the inherit.exe in my mozilla firefox download folder. I placed the uninstall program onto the inherit.exe file, it said 'ok', but once I ran AVGuninstall it was again promptly halted.

I suspect I won't be able to delete this second version of avg_remover_stf_x86 once I reboot the computer. I also can't delete h5ceuzrc.exe (I used this program when trying to follow your standard protocol from your other forum).

Should I try any of this in safe mode? I have no idea what else to do.

I'm sorry for the trouble. Please let me know if you have any other suggestions. Thanks.


Skip it and continue with the alternate method of running ComboFix outlined above.


Could not run combofix; windows could not find the file. This is exactly what I typed:

"%userprofile%\desktop\sega.com"/killall

Did I type a quotation mark out of place or use / or \ at wrong places?

I ran combofix from the desktop in safe mode (just clicked sega.com icon). Program ran a few seconds and shut down.

Computer will now allow me to delete sega.com, and I 'don't have the appropriate permission' to access it now.

Am I going to need to take my computer somewhere?

Thanks.


Hi,

My apologies for the delay.

You need a space between the "/ and the killall. Please try it again with a fresh copy of ComboFix.


No problem, thanks for getting back to me. So here's the combofix log:

ComboFix 11-09-29.06 - Anthua 10/03/2011 17:36:39.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.285 [GMT -4:00]

Running from: c:\documents and settings\Anthua\Desktop\segaa.com

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini

c:\documents and settings\All Users\Application Data\aywq.exe

c:\documents and settings\All Users\Application Data\cvxw.exe

c:\documents and settings\All Users\Application Data\cyph.exe

c:\documents and settings\All Users\Application Data\defender.exe

c:\documents and settings\All Users\Application Data\fasx.exe

c:\documents and settings\All Users\Application Data\fjex.exe

c:\documents and settings\All Users\Application Data\fkfr.exe

c:\documents and settings\All Users\Application Data\gygs.exe

c:\documents and settings\All Users\Application Data\jesr.exe

c:\documents and settings\All Users\Application Data\jhde.exe

c:\documents and settings\All Users\Application Data\lcnx.exe

c:\documents and settings\All Users\Application Data\ncoh.exe

c:\documents and settings\All Users\Application Data\obwp.exe

c:\documents and settings\All Users\Application Data\osxi.exe

c:\documents and settings\All Users\Application Data\rlvn.exe

c:\documents and settings\All Users\Application Data\tkbk.exe

c:\documents and settings\All Users\Application Data\vkaj.exe

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ExecAfterFirstBoot.exe.e14e59e8.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL10.tmp.fcfe1268.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL2E.tmp.231a1edc.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3D.tmp.f55a211a.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL3F.tmp.f7e2aef4.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL5F.tmp.a98ba19a.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL7.tmp.7173c420.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SL75.tmp.d5a634e7.ini

c:\documents and settings\Anthua\Local Settings\Application Data\ApplicationHistory\SLD6.tmp.7a0f7bd3.ini

c:\documents and settings\Anthua\WINDOWS

c:\windows\$NtUninstallKB46928$

c:\windows\$NtUninstallKB46928$\1803363282\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB46928$\1803363282\click.tlb

c:\windows\$NtUninstallKB46928$\1803363282\L\gmjfyemo

c:\windows\$NtUninstallKB46928$\1803363282\loader.tlb

c:\windows\$NtUninstallKB46928$\1803363282\U\@00000001

c:\windows\$NtUninstallKB46928$\1803363282\U\@000000c0

c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cb

c:\windows\$NtUninstallKB46928$\1803363282\U\@000000cf

c:\windows\$NtUninstallKB46928$\1803363282\U\@80000000

c:\windows\$NtUninstallKB46928$\1803363282\U\@800000c0

c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cb

c:\windows\$NtUninstallKB46928$\1803363282\U\@800000cf

c:\windows\$NtUninstallKB46928$\3712226711

c:\windows\kb835221.exe

c:\windows\system32\c_17133.nls

c:\windows\windows-kb870669-x86-enu.exe

c:\windows\windowsxp-kb307154-x86-enu.exe

c:\windows\windowsxp-kb867282-x86-enu.exe

c:\windows\windowsxp-kb873333-x86-enu.exe

c:\windows\windowsxp-kb884018-x86-enu.exe

c:\windows\windowsxp-kb884575-x86-enu.exe

c:\windows\windowsxp-kb885250-x86-enu.exe

c:\windows\windowsxp-kb885835-x86-enu.exe

c:\windows\windowsxp-kb885836-x86-enu.exe

c:\windows\windowsxp-kb886185-x86-enu.exe

c:\windows\windowsxp-kb887472-x86-enu.exe

c:\windows\windowsxp-kb887742-x86-enu.exe

c:\windows\windowsxp-kb888113-x86-enu.exe

c:\windows\windowsxp-kb888239-x86-enu.exe

c:\windows\windowsxp-kb888302-x86-enu.exe

c:\windows\windowsxp-kb890047-x86-enu.exe

c:\windows\windowsxp-kb890175-x86-enu.exe

c:\windows\windowsxp-kb891781-x86-enu.exe

.

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected

Restored copy from - The cat found it :)

Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\system32\dllcache\wuauclt.exe

.

Infected copy of c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE was found and disinfected

Restored copy from - c:\system volume information\_restore{44A4B43F-BF79-4C22-8F5F-38D07C8D6912}\RP1361\A0091676.EXE

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV

-------\Service_6b7d23d2

.

.

((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))

.

.

2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_

2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-11 02:18 . 2011-10-03 21:24 -------- d-----w- C:\ComboFix

2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel

2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp

2011-09-05 18:30 . 2011-09-08 01:43 -------- d-----w- c:\program files\Windows Defender

2011-09-05 05:22 . 2011-09-18 20:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe

2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2005-03-09 19:19 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]

"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]

"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]

"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]

"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]

dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-4-23 315392]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=

"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=

.

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-01 c:\windows\Tasks\Java update check.job

- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]

.

2005-09-22 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194

FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-95417315.sys

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

SafeBoot-svcWRSSSDK

AddRemove-Kaplan's DAT DTB - c:\program files\Kaplan\Kaplan's DAT DTB\DeIsL1.isu

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-03 17:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(840)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(3136)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\RTHDCPL.EXE

c:\program files\Citrix\ICA Client\wfcrun32.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

.

**************************************************************************

.

Completion time: 2011-10-03 18:06:03 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-03 22:05

.

Pre-Run: 27,861,790,720 bytes free

Post-Run: 28,188,213,248 bytes free

.

- - End Of File - - F65E87E94E7603ADF45BC5C41945ED78

The program said something about a rootkit, which sounds bad. Do you know if the virus was removed?


Hi,

Looks like it was hit hard by ComboFix. :)

However, your copy was pretty old. Please delete your copy of ComboFix, grab a fresh copy, save it to your Desktop, and try double-clicking on it normally.


Thanks, friend, and thanks for your patience. Here is the report:

ComboFix 11-10-06.03 - Anthua 10/06/2011 15:03:09.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.297 [GMT -4:00]

Running from: c:\documents and settings\Anthua\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Anthua\WINDOWS

.

.

((((((((((((((((((((((((( Files Created from 2011-09-06 to 2011-10-06 )))))))))))))))))))))))))))))))

.

.

2011-10-04 19:27 . 2011-10-04 19:27 -------- d-----w- c:\program files\Dell 720

2011-10-04 19:27 . 2004-05-27 09:25 57344 ----a-w- c:\windows\system32\dlbccinf.dll

2011-10-04 19:27 . 2004-05-27 09:25 49152 ----a-w- c:\windows\system32\dlbccoin.dll

2011-10-04 19:27 . 2004-05-27 09:06 73728 ----a-w- c:\windows\system32\dlbcpwr.dll

2011-10-04 19:27 . 2004-03-04 15:30 311296 ----a-w- c:\windows\system32\LEXBCES.EXE

2011-10-04 19:27 . 2004-03-04 15:26 174592 ----a-w- c:\windows\system32\LEXPPS.EXE

2011-10-04 19:27 . 2003-07-29 13:27 78336 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\DLBCPP5C.DLL

2011-10-04 19:27 . 2002-11-13 19:40 40960 ----a-w- c:\windows\system32\dlbcvs.dll

2011-10-04 19:26 . 2011-10-04 19:26 -------- d-----w- C:\Dell720

2011-10-03 21:51 . 2003-07-28 17:28 89136 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2011-10-03 21:30 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2011-10-03 21:30 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-17 18:29 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-17 18:29 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-13 03:22 . 2011-09-13 03:22 50112 --sha-w- c:\windows\system32\c_17133.nl_

2011-09-11 03:04 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-09-11 03:04 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-09-11 02:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-09-09 18:54 . 2011-09-11 23:29 -------- d-----w- c:\windows\SxsCaPendDel

2011-09-08 01:36 . 2011-09-08 01:36 52480 ----a-w- c:\windows\system32\drivers\tsk17.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2005-03-09 19:19 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\vokj.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\kvdi.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\grrd.exe

2011-09-03 14:02 . 2011-09-03 14:02 0 ----a-w- c:\documents and settings\All Users\Application Data\fxmg.exe

2011-07-15 13:29 . 2005-03-09 19:19 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2011-07-05 18:59 . 2011-07-05 18:59 292664 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-03_21.58.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE

- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexgo.EXE

- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE

+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\INSTMON.EXE

- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL

+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\HLP256.DLL

- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll

+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcvs.dll

+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL

- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUPD.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL

- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUNRS.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL

- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUI5C.DLL

- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll

+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcpwr.dll

- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL

+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPP5C.DLL

- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE

+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWX.EXE

- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCDR5C.DLL

- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll

+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccoin.dll

+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll

- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbccinf.dll

+ 2011-10-04 19:27 . 2002-05-09 18:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE

- 2002-05-09 19:25 . 2002-05-09 19:25 24576 c:\windows\system32\spool\drivers\w32x86\3\lexgo.EXE

- 2001-01-19 20:50 . 2001-01-19 20:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE

+ 2011-10-04 19:27 . 2001-01-19 19:50 40960 c:\windows\system32\spool\drivers\w32x86\3\INSTMON.EXE

+ 2011-10-04 19:27 . 1996-09-01 14:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL

- 1996-09-01 15:19 . 1996-09-01 15:19 73856 c:\windows\system32\spool\drivers\w32x86\3\HLP256.DLL

+ 2011-10-04 19:27 . 2002-11-13 19:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll

- 2002-11-13 20:40 . 2002-11-13 20:40 40960 c:\windows\system32\spool\drivers\w32x86\3\dlbcvs.dll

- 2005-01-06 07:48 . 2005-01-06 07:48 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:22 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCUPD.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:26 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL

- 2006-04-23 20:30 . 2005-01-06 07:56 49152 c:\windows\system32\spool\drivers\w32x86\3\DLBCUNRS.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:23 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL

- 2005-01-06 07:51 . 2005-01-06 07:51 48128 c:\windows\system32\spool\drivers\w32x86\3\DLBCUI5C.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:06 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll

- 2005-01-06 07:20 . 2005-01-06 07:20 73728 c:\windows\system32\spool\drivers\w32x86\3\dlbcpwr.dll

- 2003-07-29 14:27 . 2003-07-29 14:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL

+ 2011-10-04 19:27 . 2003-07-29 13:27 78336 c:\windows\system32\spool\drivers\w32x86\3\DLBCPP5C.DLL

+ 2011-10-04 19:27 . 2003-04-30 19:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE

- 2003-04-30 20:35 . 2003-04-30 20:35 73728 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWX.EXE

- 2005-01-06 07:50 . 2005-01-06 07:50 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:23 85504 c:\windows\system32\spool\drivers\w32x86\3\DLBCDR5C.DLL

- 2005-01-06 07:54 . 2005-01-06 07:54 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll

+ 2011-10-04 19:27 . 2004-05-27 09:25 49152 c:\windows\system32\spool\drivers\w32x86\3\dlbccoin.dll

- 2005-01-06 07:54 . 2005-01-06 07:54 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll

+ 2011-10-04 19:27 . 2004-05-27 09:25 57344 c:\windows\system32\spool\drivers\w32x86\3\dlbccinf.dll

- 2005-10-05 22:01 . 1997-04-09 01:08 299520 c:\windows\uninst.exe

+ 2005-10-05 22:01 . 1997-04-09 00:08 299520 c:\windows\uninst.exe

+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll

- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\ptzipw32.dll

- 2004-03-04 16:26 . 2004-03-04 16:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE

+ 2011-10-04 19:27 . 2004-03-04 15:26 174592 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXPPS.EXE

- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL

+ 2011-10-04 19:27 . 2004-03-04 15:25 201216 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXP2P32.DLL

- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll

+ 2011-10-04 19:27 . 2003-03-26 18:29 192512 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexlmpm.dll

- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll

+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexedf.dll

- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe

+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\lexdrvin.exe

+ 2011-10-04 19:27 . 2004-03-04 15:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE

- 2004-03-04 16:30 . 2004-03-04 16:30 311296 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCES.EXE

- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL

+ 2011-10-04 19:27 . 2004-03-04 15:27 147456 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEXBCE.DLL

- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL

+ 2011-10-04 19:27 . 2004-03-04 15:34 197120 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\LEX2KUSB.DLL

- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUTIL.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCUN5C.EXE

+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL

- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCSTRN.DLL

- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll

+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\dlbcsk0.dll

+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE

- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWX.EXE

+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSWR.DLL

- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPSW.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL

- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRP.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL

- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPA.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL

- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSWR.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL

- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCJSW.DLL

+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL

- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCICUR.DLL

+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL

- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCGF.DLL

+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL

- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCFC5C.DLL

- 1998-10-06 22:12 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll

+ 2011-10-04 19:27 . 1998-10-06 22:12 152576 c:\windows\system32\spool\drivers\w32x86\3\ptzipw32.dll

+ 2011-10-04 19:27 . 2004-02-02 19:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL

- 2004-02-02 20:08 . 2004-02-02 20:08 430080 c:\windows\system32\spool\drivers\w32x86\3\LEXEDF.DLL

+ 2011-10-04 19:27 . 2000-02-09 12:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe

- 2000-02-09 13:35 . 2000-02-09 13:35 170496 c:\windows\system32\spool\drivers\w32x86\3\lexdrvin.exe

- 2005-01-06 07:24 . 2005-01-06 07:24 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:08 380928 c:\windows\system32\spool\drivers\w32x86\3\DLBCUTIL.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:24 100352 c:\windows\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE

+ 2011-10-04 19:27 . 2004-05-27 09:23 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL

- 2005-01-06 07:51 . 2005-01-06 07:51 859136 c:\windows\system32\spool\drivers\w32x86\3\DLBCSTRN.DLL

- 2004-03-09 12:38 . 2004-03-09 12:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll

+ 2011-10-04 19:27 . 2004-03-09 11:38 229376 c:\windows\system32\spool\drivers\w32x86\3\dlbcsk0.dll

- 2004-04-01 15:30 . 2004-04-01 15:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE

+ 2011-10-04 19:27 . 2004-04-01 14:30 118784 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWX.EXE

+ 2011-10-04 19:27 . 2004-05-27 09:06 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 610304 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSWR.DLL

- 2005-01-06 07:42 . 2005-01-06 07:42 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:19 303104 c:\windows\system32\spool\drivers\w32x86\3\DLBCPSW.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:21 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL

- 2005-01-06 07:48 . 2005-01-06 07:48 450560 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRP.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:17 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL

- 2005-01-06 07:39 . 2005-01-06 07:39 839680 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPA.DLL

- 2005-01-06 07:20 . 2005-01-06 07:20 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:06 479232 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSWR.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:09 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL

- 2005-01-06 07:25 . 2005-01-06 07:25 126976 c:\windows\system32\spool\drivers\w32x86\3\DLBCJSW.DLL

- 2004-02-03 19:59 . 2004-02-03 19:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL

+ 2011-10-04 19:27 . 2004-02-03 18:59 430080 c:\windows\system32\spool\drivers\w32x86\3\DLBCICUR.DLL

- 2004-01-28 13:14 . 2004-01-28 13:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL

+ 2011-10-04 19:27 . 2004-01-28 12:14 983101 c:\windows\system32\spool\drivers\w32x86\3\DLBCGF.DLL

- 2004-02-03 19:56 . 2004-02-03 19:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL

+ 2011-10-04 19:27 . 2004-02-03 18:56 198144 c:\windows\system32\spool\drivers\w32x86\3\DLBCFC5C.DLL

- 2004-03-04 16:25 . 2004-03-04 16:25 201216 c:\windows\system32\LEXP2P32.DLL

+ 2004-03-04 16:25 . 2004-03-04 15:25 201216 c:\windows\system32\LEXP2P32.DLL

+ 2003-03-26 19:29 . 2003-03-26 18:29 192512 c:\windows\system32\lexlmpm.dll

- 2003-03-26 19:29 . 2003-03-26 19:29 192512 c:\windows\system32\lexlmpm.dll

- 2004-03-04 16:27 . 2004-03-04 16:27 147456 c:\windows\system32\LEXBCE.DLL

+ 2004-03-04 16:27 . 2004-03-04 15:27 147456 c:\windows\system32\LEXBCE.DLL

- 2004-03-04 16:34 . 2004-03-04 16:34 197120 c:\windows\system32\LEX2KUSB.DLL

+ 2004-03-04 16:34 . 2004-03-04 15:34 197120 c:\windows\system32\LEX2KUSB.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCPRPR.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCLPAR.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR3.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR2.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\dell_photo_printer_7e033\DLBCCLR1.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:07 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 2015232 c:\windows\system32\spool\drivers\w32x86\3\DLBCPRPR.DLL

+ 2011-10-04 19:27 . 2004-05-27 09:06 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL

- 2005-01-06 07:21 . 2005-01-06 07:21 5419008 c:\windows\system32\spool\drivers\w32x86\3\DLBCLPAR.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR3.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR2.DLL

+ 2011-10-04 19:27 . 2004-02-03 19:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL

- 2004-02-03 20:03 . 2004-02-03 20:03 1449984 c:\windows\system32\spool\drivers\w32x86\3\DLBCCLR1.DLL

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-17 5406720]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-08 114688]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-15 184320]

"RTHDCPL"="RTHDCPL.EXE" [2005-02-22 13783040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]

"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-06 155648]

"Wireless Adapter Manager"="c:\program files\sony\Wireless adapter\ZDWLan.EXE" [2007-08-17 530296]

"AutoEJCD_0ACE20FF"="c:\program files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2008-09-22 40960]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2009-3-5 28672]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-18 805392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2005-01-18 20:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Sony\\VAIO Media 4.0\\Vc.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\utorrent\\utorrent.exe"=

"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbob.exe"=

"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=

.

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-01 c:\windows\Tasks\Java update check.job

- c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-11-19 09:27]

.

2005-09-22 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-03-09 00:12]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194

FF - ProfilePath - c:\documents and settings\Anthua\Application Data\Mozilla\Firefox\Profiles\9mi3mtl9.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG8\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-06 15:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(836)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\system32\VESWinlogon.dll

.

- - - - - - - > 'explorer.exe'(3580)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-10-06 15:20:49

ComboFix-quarantined-files.txt 2011-10-06 19:20

ComboFix2.txt 2011-10-03 22:06

.

Pre-Run: 28,144,541,696 bytes free

Post-Run: 28,123,430,912 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /PAE

[spybotsd]

timeout.old=30

.

- - End Of File - - 28C14C18676B6E6599E7B0854F6CB814

I have two other major issues:

1) I cannot control the volume with my keyboard (i.e. I used to be able to hit Fn --> F2 to turn the speakers on/off).

2) I cannot delete the desktop items we tried to delete the malware with (i.e. h5ceuzrc.exe and sega.com); they say 'access is restricted'.

Do you think the malware did this? I already had to re-install my printer!

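Reading a ComboFix log like the one above is mostly a matter of picking out a few line shapes and asking the same questions of each: is an autostart or firewall exception pointing at a user-writable location, does a service still have its binary on disk (ComboFix prints `[?]` when it does not), and is anything other than the default `autocheck autochk *` in the Session Manager BootExecute value, which runs before logon. The script below is an added example written for this thread; it is not ComboFix's or Malwarebytes' code, and it assumes only the line formats visible in the posted log (Run-key values, the AuthorizedApplications list with doubled backslashes, `R3`/`S0` service lines, and the `\0`-separated BootExecute rendering). The sample input is a handful of lines re-typed from the log, not a complete one, and the "user-writable" markers are the XP profile paths, not a general rule.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread; not ComboFix's or Malwarebytes' code. It assumes
only the line shapes visible in the posted log and flags the entries a helper
would look at first: executables launched or whitelisted from user-writable
paths, services whose binary ComboFix could not find ([?]), and BootExecute
entries beyond the default 'autocheck autochk *'.
"""
import re
from typing import Dict, List

# Constructed sample, re-typed from the log format above (not a complete log).
SAMPLE_LOG = r'''
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-17 2048352]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Start Menu\\Programs\\utorrent.exe"=
"c:\\Documents and Settings\\Anthua\\My Documents\\Downloads\\TDS extracted\\TDSSKiller.exe"=
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/1/2009 7:43 PM 47360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<stamp>[^\]]+)\]$')
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$')
BOOTEXEC_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<value>.+)$')

# XP-era locations an unprivileged user (or malware running as one) can write to.
USER_WRITABLE_MARKERS = ('c:\\documents and settings\\', '\\start menu\\', '\\temp\\')
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


def parse_log(text: str) -> Dict[str, list]:
    """Split log lines into run / firewall / service / bootexecute records."""
    records: Dict[str, list] = {'run': [], 'firewall': [], 'service': [], 'bootexecute': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            records['run'].append({'name': m['name'], 'path': m['path']})
        elif m := FIREWALL_RE.match(line):
            # The firewall list stores paths with doubled backslashes; undo that.
            records['firewall'].append({'path': m['path'].replace('\\\\', '\\')})
        elif m := SERVICE_RE.match(line):
            rest = m['rest']
            records['service'].append({
                'start': m['start'], 'name': m['name'],
                'path': rest.split(' --> ')[0].rsplit(' [', 1)[0],
                'missing': rest.endswith('[?]'),  # ComboFix: file not found on disk
            })
        elif m := BOOTEXEC_RE.match(line):
            # ComboFix renders the REG_MULTI_SZ separator as a literal '\0'.
            records['bootexecute'].extend(m['value'].split('\\0'))
    return records


def is_user_writable(path: str) -> bool:
    """True if the path sits under one of the XP user-writable locations."""
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(text: str) -> List[dict]:
    """Return the entries a helper should review first, each with its reason."""
    rec = parse_log(text)
    findings: List[dict] = []
    for kind in ('run', 'firewall'):
        for entry in rec[kind]:
            if is_user_writable(entry['path']):
                findings.append({'kind': kind, 'entry': entry['path'],
                                 'reason': 'executable under a user-writable path'})
    for svc in rec['service']:
        if svc['missing']:
            findings.append({'kind': 'service', 'entry': svc['name'],
                             'reason': 'service binary not found on disk ([?])'})
    for value in rec['bootexecute']:
        if value.strip() != DEFAULT_BOOTEXECUTE:
            findings.append({'kind': 'bootexecute', 'entry': value,
                             'reason': 'non-default BootExecute entry runs before logon'})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<11} {f['entry']}  <- {f['reason']}")
```

Run against the sample it reports the two firewall exceptions under Documents and Settings, the `Lbd` service whose driver is missing, and the extra `SsiEfr.e` BootExecute entry; a hit is a prompt to look the file up, not a verdict, since legitimate tools (TDSSKiller in this very log) are often run from the Downloads folder.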

Yes, those sound like symptoms of the malware you have.

Grab a fresh copy of ComboFix, run it, and post its log. Do the same with TDSSKiller.

Also update MBAM, run a Quick Scan, and post its log.

Reboot and let me know what issues remain.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
